CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1126 vulnerabilities reference this CWE, most recent first.
GHSA-J3JW-J2J8-2WV9
Vulnerability from github – Published: 2021-11-10 20:58 – Updated: 2021-11-15 14:43The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "starkbank-ecdsa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-43569"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-10T18:26:13Z",
"nvd_published_at": "2021-11-09T22:15:00Z",
"severity": "CRITICAL"
},
"details": "The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.",
"id": "GHSA-j3jw-j2j8-2wv9",
"modified": "2021-11-15T14:43:39Z",
"published": "2021-11-10T20:58:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43569"
},
{
"type": "PACKAGE",
"url": "https://github.com/starkbank/ecdsa-dotnet"
},
{
"type": "WEB",
"url": "https://github.com/starkbank/ecdsa-dotnet/releases/tag/v1.3.2"
},
{
"type": "WEB",
"url": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Verification of Cryptographic Signature in starkbank-ecdsa"
}
GHSA-J3VP-XQJF-C8PJ
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
{
"affected": [],
"aliases": [
"CVE-2018-10470"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-12T17:29:00Z",
"severity": "MODERATE"
},
"details": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.",
"id": "GHSA-j3vp-xqjf-c8pj",
"modified": "2022-05-13T01:02:17Z",
"published": "2022-05-13T01:02:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10470"
},
{
"type": "WEB",
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"type": "WEB",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J477-6VPG-6C8X
Vulnerability from github – Published: 2026-01-29 15:21 – Updated: 2026-01-29 15:21Impact
Cross-model Relation authorization is broken and has a potential security vulnerability. If the controller does not have the root key to verify the macaroon (or if the macaroon has expired), an unvalidated and therefore untrusted macaroon is used to extract declared caveats. Facts from these caveats are then blindly used to mint a new macaroon that becomes valid.
Scenario
A user knows that user X has access to offer Y. The user mints a macaroon stating that user X has access to offer Y and sends it to the controller in a request. The controller fails to verify the macaroon because it lacks the root key and mints a new macaroon requiring proof that user X has access to offer Y. Since user X does have access and the discharge endpoint does not require authentication, the controller returns the new macaroon. The user can then use the returned macaroon to consume the offer as user X.
Patches
N/A
Workarounds
A previous proposal via this PR addresses the issue but would break model migrations since macaroon root keys are not included in model descriptions. Additionally, root keys are not model-scoped, making it unclear which keys to transfer during migration.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/juju/juju"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.0-20260127110037-9b1a0e53a4a4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-1237"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-29T15:21:27Z",
"nvd_published_at": "2026-01-28T15:16:16Z",
"severity": "LOW"
},
"details": "### Impact\n\nCross-model Relation authorization is broken and has a potential security vulnerability. If the controller does not have the root key to verify the macaroon (or if the macaroon has expired), an unvalidated and therefore untrusted macaroon is used to extract declared caveats. Facts from these caveats are then blindly used to mint a new macaroon that becomes valid.\n\n### Scenario\n\nA user knows that user X has access to offer Y. The user mints a macaroon stating that user X has access to offer Y and sends it to the controller in a request. The controller fails to verify the macaroon because it lacks the root key and mints a new macaroon requiring proof that user X has access to offer Y. Since user X does have access and the discharge endpoint does not require authentication, the controller returns the new macaroon. The user can then use the returned macaroon to consume the offer as user X.\n\n### Patches\n\nN/A\n\n### Workarounds\n\nA previous proposal via [this PR](https://github.com/juju/juju/pull/21062) addresses the issue but would break model migrations since macaroon root keys are not included in model descriptions. Additionally, root keys are not model-scoped, making it unclear which keys to transfer during migration.",
"id": "GHSA-j477-6vpg-6c8x",
"modified": "2026-01-29T15:21:27Z",
"published": "2026-01-29T15:21:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/juju/juju/security/advisories/GHSA-j477-6vpg-6c8x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1237"
},
{
"type": "WEB",
"url": "https://github.com/juju/juju/pull/21062"
},
{
"type": "PACKAGE",
"url": "https://github.com/juju/juju"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"type": "CVSS_V4"
}
],
"summary": "Juju has broken CMR authorization"
}
GHSA-J4H7-9CC4-7F3R
Vulnerability from github – Published: 2026-07-14 12:31 – Updated: 2026-07-14 12:31A vulnerability has been identified in Opcenter X (All versions < V2604). Affected applications do not properly validate the algorithm specified in the JSON Web Token (JWT) header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersonate any user including administrative accounts, potentially gaining full unauthorized access to the application.
{
"affected": [],
"aliases": [
"CVE-2026-56451"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T10:16:33Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in Opcenter X (All versions \u003c V2604). Affected applications do not properly validate the algorithm specified in the JSON Web Token (JWT) header.\nThis could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersonate any user including administrative accounts, potentially gaining full unauthorized access to the application.",
"id": "GHSA-j4h7-9cc4-7f3r",
"modified": "2026-07-14T12:31:15Z",
"published": "2026-07-14T12:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56451"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-096828.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J4QF-3W33-8CGC
Vulnerability from github – Published: 2022-05-14 01:04 – Updated: 2024-04-25 21:00A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "simplesamlphp/simplesamlphp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-18122"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-25T21:00:27Z",
"nvd_published_at": "2018-02-02T15:29:00Z",
"severity": "HIGH"
},
"details": "A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.",
"id": "GHSA-j4qf-3w33-8cgc",
"modified": "2024-04-25T21:00:27Z",
"published": "2022-05-14T01:04:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18122"
},
{
"type": "WEB",
"url": "https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-18122.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/simplesamlphp/simplesamlphp"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html"
},
{
"type": "WEB",
"url": "https://simplesamlphp.org/security/201710-01"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4127"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "SimpleSAMLphp Signature validation bypass"
}
GHSA-J5CC-94PP-784R
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated physical access to the device or obtain privileged access to the root shell on the device.
{
"affected": [],
"aliases": [
"CVE-2021-1453"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-24T20:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated physical access to the device or obtain privileged access to the root shell on the device.",
"id": "GHSA-j5cc-94pp-784r",
"modified": "2022-05-24T17:45:15Z",
"published": "2022-05-24T17:45:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1453"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-BQ5hrXgH"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J6WX-X2H7-QPHP
Vulnerability from github – Published: 2026-01-16 09:31 – Updated: 2026-01-16 09:31There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image.
{
"affected": [],
"aliases": [
"CVE-2025-12006"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-16T09:15:58Z",
"severity": "HIGH"
},
"details": "There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image.",
"id": "GHSA-j6wx-x2h7-qphp",
"modified": "2026-01-16T09:31:21Z",
"published": "2026-01-16T09:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12006"
},
{
"type": "WEB",
"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J7J7-G4WW-PXG5
Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-11-04 20:38In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. This only affect those running in Distributed mode.
In distributed mode, JMeter makes an architectural assumption that it is operating on a 'safe' network. i.e. everyone with access to the network is considered trusted.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.jmeter:ApacheJMeter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1287"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-04T20:38:23Z",
"nvd_published_at": "2018-02-14T14:29:00Z",
"severity": "CRITICAL"
},
"details": "In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. This only affect those running in Distributed mode.\n\nIn distributed mode, JMeter makes an architectural assumption that it is operating on a \u0027safe\u0027 network. i.e. everyone with access to the network is considered trusted.",
"id": "GHSA-j7j7-g4ww-pxg5",
"modified": "2022-11-04T20:38:23Z",
"published": "2022-05-13T01:49:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1287"
},
{
"type": "WEB",
"url": "https://github.com/apache/jmeter/issues/4677"
},
{
"type": "WEB",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=62039"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/jmeter"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b@%3Cissues.jmeter.apache.org%3E"
},
{
"type": "WEB",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpYsFx1%2Brwz1A%3Dmc7wAgbDHARyj1VrWNg41y9OySuL1mqw%40mail.gmail.com%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Missing certificate validation in Apache JMeter"
}
GHSA-J7V6-6XVH-3JWV
Vulnerability from github – Published: 2023-05-04 09:30 – Updated: 2024-04-04 03:47DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.
{
"affected": [],
"aliases": [
"CVE-2023-25934"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-04T07:15:22Z",
"severity": "HIGH"
},
"details": "\nDELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.\n\n",
"id": "GHSA-j7v6-6xvh-3jwv",
"modified": "2024-04-04T03:47:56Z",
"published": "2023-05-04T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25934"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000212970/dsa-2023-109-dell-ecs-security-update-for-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J8M7-7FM4-J768
Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2022-05-14 01:01An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2018-12356"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-15T02:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.",
"id": "GHSA-j8m7-7fm4-j768",
"modified": "2022-05-14T01:01:33Z",
"published": "2022-05-14T01:01:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12356"
},
{
"type": "WEB",
"url": "https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d"
},
{
"type": "WEB",
"url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired"
},
{
"type": "WEB",
"url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf"
},
{
"type": "WEB",
"url": "https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2018/06/14/3"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.